@@ -8,13 +8,17 @@ import semmle.code.java.dataflow.TaintTracking
88//import semmle.code.java.dataflow.FlowSources
99//import semmle.code.java.dataflow.internal.DataFlowNodes
1010/**
11- * An Asymmetric (RSA, DSA, DH) key length data flow tracking configuration.
11+ * A key length data flow tracking configuration.
1212 */
13- class AsymmetricKeyTrackingConfiguration extends DataFlow:: Configuration {
14- AsymmetricKeyTrackingConfiguration ( ) { this = "AsymmetricKeyTrackingConfiguration " }
13+ class KeyTrackingConfiguration extends DataFlow:: Configuration {
14+ KeyTrackingConfiguration ( ) { this = "KeyTrackingConfiguration " }
1515
1616 override predicate isSource ( DataFlow:: Node source , DataFlow:: FlowState state ) {
1717 //state instanceof DataFlow::FlowStateEmpty and
18+ // SYMMETRIC
19+ source .asExpr ( ) .( IntegerLiteral ) .getIntValue ( ) < 128 and state = "128"
20+ or
21+ // ASYMMETRIC
1822 source .asExpr ( ) .( IntegerLiteral ) .getIntValue ( ) < 2048 and state = "2048"
1923 or
2024 source .asExpr ( ) .( IntegerLiteral ) .getIntValue ( ) < 256 and state = "256"
@@ -23,6 +27,16 @@ class AsymmetricKeyTrackingConfiguration extends DataFlow::Configuration {
2327 }
2428
2529 override predicate isSink ( DataFlow:: Node sink , DataFlow:: FlowState state ) {
30+ // SYMMETRIC
31+ exists ( MethodAccess ma , JavaxCryptoKeyGenerator jcg |
32+ ma .getMethod ( ) instanceof KeyGeneratorInitMethod and
33+ jcg .getAlgoSpec ( ) .( StringLiteral ) .getValue ( ) .toUpperCase ( ) = "AES" and
34+ DataFlow:: localExprFlow ( jcg , ma .getQualifier ( ) ) and
35+ sink .asExpr ( ) = ma .getArgument ( 0 ) and
36+ state = "128"
37+ )
38+ or
39+ // ASYMMETRIC
2640 exists ( MethodAccess ma , JavaSecurityKeyPairGenerator jpg |
2741 ma .getMethod ( ) instanceof KeyPairGeneratorInitMethod and
2842 (
@@ -67,6 +81,7 @@ class AsymmetricKeyTrackingConfiguration extends DataFlow::Configuration {
6781 )
6882 }
6983
84+ // ! FlowStates seem to work without even including a step like the below... hmmm
7085 override predicate isAdditionalFlowStep (
7186 DataFlow:: Node node1 , DataFlow:: FlowState state1 , DataFlow:: Node node2 ,
7287 DataFlow:: FlowState state2
@@ -76,7 +91,6 @@ class AsymmetricKeyTrackingConfiguration extends DataFlow::Configuration {
7691 state2 = intLiteral .toString ( ) and
7792 node1 .asExpr ( ) = intLiteral and
7893 node2 .asExpr ( ) = intLiteral
79- //intLiteral.toString().toInt() = 64 // test viability of this craziness
8094 )
8195 }
8296}
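Review bot: The new SYMMETRIC branch of `isSink` (new lines 31–37) only fires when the `KeyGenerator` algorithm argument is a `StringLiteral` equal to "AES" and the generator reaches the `init` qualifier through `DataFlow::localExprFlow`. A short AES key size is therefore likely to go unreported when the algorithm name comes from a named constant, or when the generator is stored in a field or passed between methods. If that narrowing is intended, state it in a comment above the branch, e.g. `// Covers only KeyGenerator.getInstance("AES") created and initialised in the same callable`; otherwise consider matching the name with `jcg.getAlgoSpec().(CompileTimeConstantExpr).getStringValue().toUpperCase() = "AES"`. The `// SYMMETRIC` label also promises more than the branch checks, since no other symmetric algorithm is covered. The asymmetric part of `isSink` continues outside the visible hunks.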